[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: User management
From: |
Jamie Wilkinson |
Subject: |
Re: User management |
Date: |
Wed, 28 Sep 2005 09:55:14 +1000 |
User-agent: |
Mutt/1.5.6+20040907i |
This one time, at band camp, Matthew Palmer wrote:
>This *feels* like a dirty hack to me; there has to be a more cfengine way,
>but I'm not sure which method would be nicest. Any suggestions? Google
>(surprisingly) didn't give me much love with queries like "cfengine create
>user" and "cfengine manage users".
For system users:
groups:
user_X_exists = ( ReturnsZero(/bin/sh -c "/usr/bin/id -u X >& /dev/null")
)
shellcommands:
!user_X_exists.redhat::
"/usr/sbin/useradd -r -c X -s /sbin/nologin -d / -M -g nobody X
!user_X_exists.debian::
"/usr/sbin/adduser --system --gecos X --shell /bin/false --home /
--no-create-home --disabled-login --disabled-password --group nobody X"
I do it with macros, so I don't have to type all that crap for every system
user I need, and so things like home directory and default group can be
changed easily.
In a perfect world, this idiom would turn into a users: section, but alas
I've not yet had the time to write a patch.
For humans, I use LDAP, and cfengine just takes care of configuring the auth
system.
- User management, Matthew Palmer, 2005/09/27
- Re: User management,
Jamie Wilkinson <=